加收藏
Introduction to Docker:CTO对Docker的全方位介绍
第1页
Introduction to DockerNovember, 2013
第2页
Contents
Introduction to Docker, Containers, and the Matrix from Hell
Why people care: Separation of Concerns
Technical Discussion
Ecosystem
Use Cases
Docker Futures
Advanced topics: Networking, Data
OpenStack
Learn More
Why people care: Separation of Concerns
Technical Discussion
Ecosystem
Use Cases
Docker Futures
Advanced topics: Networking, Data
OpenStack
Learn More
第3页
In the 8 months since we launched
>200,000 pulls
>7,500 github stars
>200 significant contributors
>200 projects built on top of docker
UIs, mini-PaaS, Remote Desktop….
1000’s of Dockerized applications
Memcached, Redis, Node.js…and Hadoop
Integration in Jenkins, Travis, Chef, Puppet, Vagrant and OpenStack
Meetups arranged around the world…with organizations like Ebay, Cloudflare, Yandex, and Rackspace presenting on their use of Docker
>7,500 github stars
>200 significant contributors
>200 projects built on top of docker
UIs, mini-PaaS, Remote Desktop….
1000’s of Dockerized applications
Memcached, Redis, Node.js…and Hadoop
Integration in Jenkins, Travis, Chef, Puppet, Vagrant and OpenStack
Meetups arranged around the world…with organizations like Ebay, Cloudflare, Yandex, and Rackspace presenting on their use of Docker
第4页
Why all the excitement?
第5页
Static website
Web frontend
User DB
Queue
Analytics DB
Background workers
API endpoint
nginx 1.5 + modsecurity + openssl + bootstrap 2
postgresql + pgv8 + v8
hadoop + hive + thrift + OpenJDK
Ruby + Rails + sass + Unicorn
Redis + redis-sentinel
Python 3.0 + celery + pyredis + libcurl + ffmpeg + libopencv + nodejs + phantomjs
Python 2.7 + Flask + pyredis + celery + psycopg + postgresql-client
Development VM
QA server
Public Cloud
Disaster recovery
Contributor’s laptop
Production Servers
The Challenge
Multiplicity of Stacks
Multiplicity of hardware environments
Production Cluster
Customer Data Center
Do services and apps interact appropriately?
Can I migrate smoothly and quickly?
第6页
The Matrix From Hell
第7页
Multiplicity of Goods
Multipilicity of methods for transporting/storing
Do I worry about how goods interact (e.g. coffee beans next to spices)
Can I transport quickly and smoothly
(e.g. from boat to train to truck)
(e.g. from boat to train to truck)
Cargo Transport Pre-1960
第8页
Also a matrix from hell
第9页
Multiplicity of Goods
Multiplicity of methods for transporting/storing
Do I worry about how goods interact (e.g. coffee beans next to spices)
Can I transport quickly and smoothly
(e.g. from boat to train to truck)
(e.g. from boat to train to truck)
Solution: Intermodal Shipping Container
…in between, can be loaded and unloaded, stacked, transported efficiently over long distances, and transferred from one mode of transport to another
A standard container that is loaded with virtually any goods, and stays sealed until it reaches final delivery.
第10页
Static website
Web frontend
User DB
Queue
Analytics DB
Development VM
QA server
Public Cloud
Contributor’s laptop
Docker is a shipping container system for code
Multiplicity of Stacks
Multiplicity of hardware environments
Production Cluster
Customer Data Center
Do services and apps interact appropriately?
Can I migrate smoothly and quickly
…that can be manipulated using standard operations and run consistently on virtually any hardware platform
An engine that enables any payload to be encapsulated as a lightweight, portable, self-sufficient container…
第11页
Docker eliminates the matrix from Hell
第12页
Why Developers Care
Build once…(finally) run anywhere*
A clean, safe, hygienic and portable runtime environment for your app.
No worries about missing dependencies, packages and other pain points during subsequent deployments.
Run each app in its own isolated container, so you can run various versions of libraries and other dependencies for each app without worrying
Automate testing, integration, packaging…anything you can script
Reduce/eliminate concerns about compatibility on different platforms, either your own or your customers.
Cheap, zero-penalty containers to deploy services? A VM without the overhead of a VM? Instant replay and reset of image snapshots? That’s the power of Docker
* With the 0.7 release, we support any x86 server running a modern Linux kernel (3.2+ generally. 2.6.32+ for RHEL 6.5+, Fedora, & related)
A clean, safe, hygienic and portable runtime environment for your app.
No worries about missing dependencies, packages and other pain points during subsequent deployments.
Run each app in its own isolated container, so you can run various versions of libraries and other dependencies for each app without worrying
Automate testing, integration, packaging…anything you can script
Reduce/eliminate concerns about compatibility on different platforms, either your own or your customers.
Cheap, zero-penalty containers to deploy services? A VM without the overhead of a VM? Instant replay and reset of image snapshots? That’s the power of Docker
* With the 0.7 release, we support any x86 server running a modern Linux kernel (3.2+ generally. 2.6.32+ for RHEL 6.5+, Fedora, & related)
第13页
Why Devops Cares?
Configure once…run anything
Make the entire lifecycle more efficient, consistent, and repeatable
Increase the quality of code produced by developers.
Eliminate inconsistencies between development, test, production, and customer environments
Support segregation of duties
Significantly improves the speed and reliability of continuous deployment and continuous integration systems
Because the containers are so lightweight, address significant performance, costs, deployment, and portability issues normally associated with VMs
Make the entire lifecycle more efficient, consistent, and repeatable
Increase the quality of code produced by developers.
Eliminate inconsistencies between development, test, production, and customer environments
Support segregation of duties
Significantly improves the speed and reliability of continuous deployment and continuous integration systems
Because the containers are so lightweight, address significant performance, costs, deployment, and portability issues normally associated with VMs
第14页
Why it works—separation of concerns
Dan the Developer
Worries about what’s “inside” the container
His code
His Libraries
His Package Manager
His Apps
His Data
All Linux servers look the same
Worries about what’s “inside” the container
His code
His Libraries
His Package Manager
His Apps
His Data
All Linux servers look the same
Oscar the Ops Guy
Worries about what’s “outside” the container
Logging
Remote access
Monitoring
Network config
All containers start, stop, copy, attach, migrate, etc. the same way
Worries about what’s “outside” the container
Logging
Remote access
Monitoring
Network config
All containers start, stop, copy, attach, migrate, etc. the same way
第15页
More technical explanation
High Level—It’s a lightweight VM
Own process space
Own network interface
Can run stuff as root
Can have its own /sbin/init (different from host)
<>
Own process space
Own network interface
Can run stuff as root
Can have its own /sbin/init (different from host)
<
Low Level—It’s chroot on steroids
Can also not have its own /sbin/init
Container=isolated processes
Share kernel with host
No device emulation (neither HVM nor PV) from host)
<>
Can also not have its own /sbin/init
Container=isolated processes
Share kernel with host
No device emulation (neither HVM nor PV) from host)
<
Run everywhere
Regardless of kernel version (2.6.32+)
Regardless of host distro
Physical or virtual, cloud or not
Container and host architecture must match*
Run anything
If it can run on the host, it can run in the container
i.e. if it can run on a Linux kernel, it can run
Regardless of kernel version (2.6.32+)
Regardless of host distro
Physical or virtual, cloud or not
Container and host architecture must match*
Run anything
If it can run on the host, it can run in the container
i.e. if it can run on a Linux kernel, it can run
WHY
WHAT
第16页
App
A
A
Containers vs. VMs
Hypervisor (Type 2)
Host OS
Server
Guest
OS
Bins/
Libs
App
A’
A’
Guest
OS
Bins/
Libs
App
B
B
Guest
OS
Bins/
Libs
App A’
Docker
Host OS
Server
Bins/Libs
App A
Bins/Libs
App B
App B’
App B’
App B’
VM
Container
Containers are isolated,
but share OS and, where
appropriate, bins/libraries
but share OS and, where
appropriate, bins/libraries
Guest
OS
Guest
OS
…result is significantly faster deployment, much less overhead, easier migration, faster restart
第17页
Why are Docker containers lightweight?
Bins/
Libs
App
A
A
Original App
(No OS to take
up space, resources,
or require restart)
(No OS to take
up space, resources,
or require restart)
App Δ
Bins/
App
A
A
Bins/
Libs
App
A’
A’
Guest
OS
Bins/
Libs
Modified App
Copy on write capabilities allow
us to only save the diffs
Between container A and container
A’
Copy on write capabilities allow
us to only save the diffs
Between container A and container
A’
VMs
Every app, every copy of an
app, and every slight modification
of the app requires a new virtual server
Every app, every copy of an
app, and every slight modification
of the app requires a new virtual server
App
A
A
Guest
OS
Bins/
Libs
Copy of
App
No OS. Can
Share bins/libs
App
No OS. Can
Share bins/libs
App
A
A
Guest
OS
Guest
OS
VMs
Containers
第18页
What are the basics of the Docker system?
Source Code Repository
Dockerfile
For
A
For
A
Docker Engine
Docker
Container
Image Registry
Build
Docker
Host 2 OS (Linux)
Container A
Container B
Container C
Container A
Push
Search
Pull
Run
Host 1 OS (Linux)
第19页
Changes and Updates
Docker Engine
Docker
Container
Image Registry
Docker Engine
Push
Update
Bins/
Libs
App
A
A
App Δ
Bins/
Base
Container
Image
Container
Image
Host is now running A’’
Container Mod A’’
App Δ
Bins/
Bins/
Libs
App
A
A
Bins/
Bins/
Libs
App
A’’
A’’
Host running A wants to upgrade to A’’. Requests update. Gets only diffs
Container Mod A’
第20页
Ecosystem Support
Operating systems
Virtually any distribution with a 2.6.32+ kernel
Red Hat/Docker collaboration to make work across RHEL 6.4+, Fedora, and other members of the family (2.6.32 +)
CoreOS—Small core OS purpose built with Docker
OpenStack
Docker integration into NOVA (& compatibility with Glance, Horizon, etc.) accepted for Havana release
Private PaaS
OpenShift
Solum (Rackspace, OpenStack)
Other TBA
Public PaaS
Deis, Voxoz, Cocaine (Yandex), Baidu PaaS
Public IaaS
Native support in Rackspace, Digital Ocean,+++
AMI (or equivalent) available for AWS & other
DevOps Tools
Integrations with Chef, Puppet, Jenkins, Travis, Salt, Ansible +++
Orchestration tools
Mesos, Heat, ++
Shipyard & others purpose built for Docker
Applications
1000’s of Dockerized applications available at index.docker.io
Virtually any distribution with a 2.6.32+ kernel
Red Hat/Docker collaboration to make work across RHEL 6.4+, Fedora, and other members of the family (2.6.32 +)
CoreOS—Small core OS purpose built with Docker
OpenStack
Docker integration into NOVA (& compatibility with Glance, Horizon, etc.) accepted for Havana release
Private PaaS
OpenShift
Solum (Rackspace, OpenStack)
Other TBA
Public PaaS
Deis, Voxoz, Cocaine (Yandex), Baidu PaaS
Public IaaS
Native support in Rackspace, Digital Ocean,+++
AMI (or equivalent) available for AWS & other
DevOps Tools
Integrations with Chef, Puppet, Jenkins, Travis, Salt, Ansible +++
Orchestration tools
Mesos, Heat, ++
Shipyard & others purpose built for Docker
Applications
1000’s of Dockerized applications available at index.docker.io
第21页
Use Cases
Ted Dziuba on the Use of Docker for Continuous Integration at Ebay Now
https://speakerdeck.com/teddziuba/docker-at-ebay
http://www.youtube.com/watch?feature=player_embedded&v=0Hi0W4gX--4
https://speakerdeck.com/teddziuba/docker-at-ebay
http://www.youtube.com/watch?feature=player_embedded&v=0Hi0W4gX--4
Sasha Klizhentas on use of Docker at Mailgun/Rackspace
http://www.youtube.com/watch?feature=player_embedded&v=CMC3xdAo9RI
http://www.youtube.com/watch?feature=player_embedded&v=CMC3xdAo9RI
Sebastien Pahl on use of Docker at CloudFlare
http://www.youtube.com/watch?feature=player_embedded&v=-Lj3jt_-3r0
http://www.youtube.com/watch?feature=player_embedded&v=-Lj3jt_-3r0
Cambridge HealthCare
http://blog.howareyou.com/post/62157486858/continuous-delivery-with-docker-and-jenkins-part-i
http://blog.howareyou.com/post/62157486858/continuous-delivery-with-docker-and-jenkins-part-i
Red Hat Openshift and Docker
https://www.openshift.com/blogs/technical-thoughts-on-openshift-and-docker
https://www.openshift.com/blogs/technical-thoughts-on-openshift-and-docker
第22页
Use Cases—From Our Community
第23页
Docker Futures*
Docker 0.7 (current release)
Fedora compatibility
Reduce kernel dependencies
Device mapper
Container linking
Docker 0.8 (Dec)
Shrink and stabilize Core
Provide stable, pluggable API
RHEL compatibility
Nested containers
Beam: Introspection API based on Redis
expand snapshot management features for data volumes
We will consider this “production ready”
Docker 0.9 (Jan)
Docker 1.0 (Feb)
We will offer support for this product
Fedora compatibility
Reduce kernel dependencies
Device mapper
Container linking
Docker 0.8 (Dec)
Shrink and stabilize Core
Provide stable, pluggable API
RHEL compatibility
Nested containers
Beam: Introspection API based on Redis
expand snapshot management features for data volumes
We will consider this “production ready”
Docker 0.9 (Jan)
Docker 1.0 (Feb)
We will offer support for this product
Docker 0.1-0.6
AUFS
Docker 0.8+
LXC
Device
Mapper
Mapper
LXC
LIBVIRT
JAILS
SELinux
Service
Discover
Discover
* We shoot for time based releases (1x/5wks), features are targeted, but not guaranteed for particular releases
第24页
Advanced topics
Data
Today: Externally mounted volumes
Share volumes between containers
Share volume between a containers and underlying hosts
high-performance storage backend for your production database
making live development changes available to a container, etc.
Optional: specify memory limit for containers, CPU priority
Device mapper/ LVM snapshots in 0.7
Futures:
I/O limits
Container resource monitoring (CPU & memory usage)
Orchestration (linking & synchronization between containers)
Cluster orchestration (multi-host environment)
Networking
Supported today:
UDP/TCP port allocation to containers
specifywhichpublic port to redirect. If you don’t specify a public port, Docker will revert to allocating a random public port.
Docker uses IPtables/netfilter
IP allocation to containers
Docker uses virtual interfaces, network bridge,
Futures:
See Pipework (Upstream) : Software-Defined Networking for Linux Containers (https://github.com/jpetazzo/pipework)
Certain pipework concepts will move from upstream to part of core Docker
Additional capabilities come with libvirt support in 0.8-0.9 timeframe
Today: Externally mounted volumes
Share volumes between containers
Share volume between a containers and underlying hosts
high-performance storage backend for your production database
making live development changes available to a container, etc.
Optional: specify memory limit for containers, CPU priority
Device mapper/ LVM snapshots in 0.7
Futures:
I/O limits
Container resource monitoring (CPU & memory usage)
Orchestration (linking & synchronization between containers)
Cluster orchestration (multi-host environment)
Networking
Supported today:
UDP/TCP port allocation to containers
specifywhichpublic port to redirect. If you don’t specify a public port, Docker will revert to allocating a random public port.
Docker uses IPtables/netfilter
IP allocation to containers
Docker uses virtual interfaces, network bridge,
Futures:
See Pipework (Upstream) : Software-Defined Networking for Linux Containers (https://github.com/jpetazzo/pipework)
Certain pipework concepts will move from upstream to part of core Docker
Additional capabilities come with libvirt support in 0.8-0.9 timeframe
第25页
OpenStack / Docker
New hypervisor to enable Nova to deploy Linux containers
第26页
Why Docker + OpenStack
Alternative to VMs within OpenStack-today
Easier deployment of OpenStack itself-near future
Cross cloud application deployment
At OpenStack Summit we will show:
Building and testing an application from source
Running on a laptop
Running it, without modification or noticeable downtime, on a public cloud
Running it, without modification or noticeable downtime, on an openstack cluster
Doing all of the above using Nova, Glance and Horizon
Containers orchestration with OpenStack Heat (Demo at summit)
Easier deployment of OpenStack itself-near future
Cross cloud application deployment
At OpenStack Summit we will show:
Building and testing an application from source
Running on a laptop
Running it, without modification or noticeable downtime, on a public cloud
Running it, without modification or noticeable downtime, on an openstack cluster
Doing all of the above using Nova, Glance and Horizon
Containers orchestration with OpenStack Heat (Demo at summit)
第27页
Why a new hypervisor?
Nova a computing controller for OpenStack
Nova support for containers is minimal (via LibVirt)
Enables control of Docker through OpenStack projects (ex: deploy containers via Horizon Web UI)
Nova support for containers is minimal (via LibVirt)
Enables control of Docker through OpenStack projects (ex: deploy containers via Horizon Web UI)
第28页
Want to learn more?
www.docker.io:
Documentation
Getting started: interactive tutorial, installation instructions, getting started guide,
About: Introductory whitepaper: http://www.docker.io/the-whole-story/
Github: dotcloud/docker
IRC: freenode/#docker
Google groups: groups.google.com/forum/#!forum/docker-user
Twitter: follow @docker
Meetups: Scheduled for Boston, San Francisco, Austin, London, Paris, Boulder…and Nairobi. https://www.docker.io/meetups/
Documentation
Getting started: interactive tutorial, installation instructions, getting started guide,
About: Introductory whitepaper: http://www.docker.io/the-whole-story/
Github: dotcloud/docker
IRC: freenode/#docker
Google groups: groups.google.com/forum/#!forum/docker-user
Twitter: follow @docker
Meetups: Scheduled for Boston, San Francisco, Austin, London, Paris, Boulder…and Nairobi. https://www.docker.io/meetups/
第29页
www.docker.io